Apple’s iMessage crypto stymies federal eavesdropping of drug suspect

Encryption used in Apple's iMessage service is thwarting federal drug enforcement agents' attempts to eavesdrop on a suspect's chat messages, according to a report published Thursday.

The CNET report cited an internal government document discussing a criminal investigation in February. It warned that because of the encryption, "it is impossible to intercept iMessages between two Apple devices" even when agents have obtained a court order. The Drug Enforcement Agency "Intelligence Note" said iMessage stymied the ability to perform real-time electronic surveillance under federal wiretap statutes. Text messages already obtained from Verizon Wireless were incomplete because the investigation target used the Apple service. "It became apparent that not all text messages were being captured."

The report is the latest and most detailed example of the technological obstacles law enforcement authorities face when conducting court-authorized surveillance. FBI Director Robert Mueller has described the problem as "Going Dark." Over the past decade the FBI has pushed for laws and regulations that increase agents' access to social-networking websites, VoIP and chat services, e-mail services, and broadband providers.

Apple officials have never publicly discussed in detail precisely how iMessage encryption works. When the service was announced in 2011, the company said it would use "secure end-to-end encryption," according to CNET. In October, CEO Tim Cook said 300 billion messages had been sent over iMessage, which uses the Internet for transmission as opposed to SMS messages, which are sent over wireless providers' networks. The CNET article also pointed to this partial analysis of iMessage and this blog post from Matt Green, a cryptographer and professor at Johns Hopkins University. Green said iMessage has "lots of moving parts" that provide ample places where things could go wrong.

The DEA said that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone provider," CNET reported. But if messages are exchanged between an Apple device and a non-Apple device, they "can sometimes be intercepted, depending on where the intercept is placed."

I could be mistaken, but hasn't BlackBerry's encryption stymied law enforcement attempts at eavesdropping for years? I seem to recall whole countries threatening to not allow BB devices to be deployed there because of their security protocols.

That it will take the DEA longer to conclude some drug cases, and that they may miss conviction on some is a cost I'm happy to bear for the benefit of not having all my communications an open book to the feds.

I fail to see the problem with this. That is how encryption is supposed to work. Get a warrant and then Apple might be able to read you the info off the device. But you don't get to break people's privacy just because you want to.

I am so glad that they secured the right to encryption in the 90s. I shudder to think what computer security would be like if the government had backdoors into every system.

I could be mistaken, but hasn't BlackBerry's encryption stymied law enforcement attempts at eavesdropping for years? I seem to recall whole countries threatening to not allow BB devices to be deployed there because of their security protocols.

Huh? RIM opened up its email to governments 2-3 years ago. I always considered it one of the major reasons Blackberry became a moot point. We will see if Apple caves as well...

Obtain a proper warrant and/or do the requisite gumshoe work. I have no sympathy for their plight. They'll bring down the "hammer of God" on Aaron Swartz and then whine about not being able to read the messages of the "peasants." Legalize the lesser drugs and get back on enforcement of important matters like criminally prosecuting the bankers that devastated the lives of millions. Simply put, life's not fair, deal with it.

They can read those messages... with a warrant. Get one, copper. We won't give up our freedoms on account of you looking for the path of least resistance during your investigation.

From the article "secure end-to-end encryption," meaning no intermediary host.

There is no intermediary for them to take their warrant to and demand data.

They can always get a warrant to actually take physical possession of the phone, to read its contents, or even jailbreak it so they can install a keylogger. Obviously not as easy as just being able to intercept messages though.

I hate the idea of iMessage, because it is unknown and therefore I'd be pretty unlikely to trust it. But even so, I think this is great news. Hopefully more people will start using end-to-end encryption in messages and emails so we can regain some semblance of privacy.

Makes you wonder why the DEA announced to the entire world that they can't break that encryption. If I wanted to give them credit I would say they had broken it, but wanted to convince suspects that it was secure so that they would use it more... I don't think that the government is capable of anything like this (at least not anymore) so I guess they are just dumb.

Makes you wonder why the DEA announced to the entire world that they can't break that encryption. If I wanted to give them credit I would say they had broken it, but wanted to convince suspects that it was secure so that they would use it more... I don't think that the government is capable of anything like this (at least not anymore) so I guess they are just dumb.

I think if a government agency can break iMessage, it will be the NSA, FBI, etc. I don't know why the DEA would publicly say such a ridiculous thing, but I doubt they've cracked it.

"The CNET report cited an internal government document discussing a criminal investigation in February. It warned that because of the encryption, 'it is impossible to intercept iMessages between two Apple devices' even when agents have obtained a court order."

Sure. I totally believe that the DEA let an internal document detailing what would be an enormous impediment to their investigative ability slip to a media outlet.

Watch the idiot criminals flock to iMessage, and then rend their garments while being sentenced a year later, asking "HOW COULD I HAVE BEEN BUSTED IT WAS SECURE AGAINST THE DEA I READ IT ON THE INTERNET!"

They can read those messages... with a warrant. Get one, copper. We won't give up our freedoms on account of you looking for the path of least resistance during your investigation.

From the article "secure end-to-end encryption," meaning no intermediary host.

There is no intermediary for them to take their warrant to and demand data.

They can always get a warrant to actually take physical possession of the phone, to read its contents, or even jailbreak it so they can install a keylogger. Obviously not as easy as just being able to intercept messages though.

This. Take the guy's phone and get the messages off it, with help from the vendor and a judge (the whole warrant thing).

If iMessage is SSL based, then Verisign can listen in...if Verisign can listen in then so can the Feds.

At least with Blackberry you can operate your own intermediate comm server and encrypt everything yourself.

First, Verisign isn't necessary for SSL, they just happen to be one of the more popular trusted cert providers. There's nothing stopping Apple (or anyone) from creating their own trusted root cert that gets used to sign subsequent certs in the chain.

Second: A root cert is not able to decrypt messages encrypted with a cert that it signed. Signing a cert just says "the contents of this cert is proven to be correct, sincerely 'signing cert'". In other words, the signing cert has no knowledge of the private key belonging to the cert it signed, and can't possibly decrypt anything.
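The point made in the comment above, as an added example that is not part of the original thread: a CA signs a certificate request containing only a name and a public key, so its own private key cannot decrypt data encrypted to the certified key. The subject names, message and temporary paths are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: constructed names and message; requires the openssl CLI.
MSG='constructed test message'

# Build a root CA, then a device key pair whose CSR is signed by that CA.
make_pki() {
  d=$1
  # Root CA: its own key pair and a self-signed certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Example Root CA (constructed)' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Device: generates its key locally; only the CSR is handed to the CA.
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=device.example' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  # CA signs what the CSR contains: subject name and public key.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
  # A sender encrypts to the public key taken from the signed certificate.
  openssl x509 -in "$d/leaf.crt" -pubkey -noout > "$d/leaf.pub" || return 1
  printf '%s' "$MSG" > "$d/msg.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$d/leaf.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/msg.txt" -out "$d/msg.enc"
}

# Try to decrypt the message with the given private key (prints plaintext).
decrypt_with() {
  openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
    -in "$2/msg.enc" 2>/dev/null
}

# Succeeds if the CSR the CA received contains no private key material.
csr_has_no_private_key() {
  ! grep -q 'PRIVATE KEY' "$1/leaf.csr"
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_pki "$tmp" || return 1
  echo "device key: $(decrypt_with "$tmp/leaf.key" "$tmp")"
  if decrypt_with "$tmp/ca.key" "$tmp" >/dev/null; then
    echo "CA key: decrypted"
  else
    echo "CA key: decryption failed"
  fi
  rm -rf "$tmp"
}
demo
```

This shows only that signing conveys no decryption capability. Whether a CA could certify a different key for the same name is a separate trust question, which certificate pinning and key transparency address.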

Makes you wonder why the DEA announced to the entire world that they can't break that encryption. If I wanted to give them credit I would say they had broken it, but wanted to convince suspects that it was secure so that they would use it more... I don't think that the government is capable of anything like this (at least not anymore) so I guess they are just dumb.

They didn't announce it. If you had actually read the article, you would have seen that info was illegally obtained.

If iMessage is SSL based, then Verisign can listen in...if Verisign can listen in then so can the Feds.

At least with Blackberry you can operate your own intermediate comm server and encrypt everything yourself.

I think we can assume that they are sophisticated enough to think of more ways than you can. If they say they can't break it, we can assume it can't be broken. Any simplistic methods mentioned here have no doubt already been tried.

Shocking, just shocking, that Big Brother can't read messages sent between citizens who have not been convicted, and thus presumed innocent. Why don't BB and his minions simply legalize harmless drugs, admit that the war on drugs was (another) Nixonian disaster, and go after terrorists ... beginning with economic terrorists like the Wall Streeters who started the Great Recession with their tranches of worthless securities they manipulated into having AAA-1 ratings.